What is “Ransom:Win32/LockScreen”?

Ransom:Win32/LockScreen is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/LockScreen virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom:Win32/LockScreen?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Blare © Slums Mime 1999-2008
InternalName: Folly
FileVersion: 8.2
CompanyName: Cutting Edge Software Inc.
Comments: Pant
ProductName: Sentry Prong Martyr
ProductVersion: 8.2
FileDescription: Leona
OriginalFilename: Dwell.exe
Translation: 0x0409 0x04b0

Ransom:Win32/LockScreen also known as:


How to remove Ransom:Win32/LockScreen?

Ransom:Win32/LockScreen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
